public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Rodrigo Ventura <yoda@isr.ist.utl.pt>
To: linux-kernel@vger.kernel.org
Subject: bridge and netfilter
Date: 14 Jul 2001 19:59:32 +0100	[thread overview]
Message-ID: <lx7kxbxror.fsf@pixie.isr.ist.utl.pt> (raw)


        Hi everyone. What's the current status of the kernel bridging
code with respect to netfilter stack? We want to put a transparent
firewall working. So we need to apply netfilter rules to the packets
between two interfaces in the same bridge group.

        We've looked into the bridge-utils web pages, they mention a
kernel patch to make bridged packets to through the netfilter stack,
but the last patch update is for kernel 2.2.x.

        Does the current 2.4.x kernels include netfiltering bridged
packets? I just saw some references to netfilter in the bridge code, I
was wondering what they actually do...

        Cheers,

        PS: I did some experimentation with openbsd, and the fact is
they do support packet filtering over bridged packets, seamlessly
integrated into the whole operating system. Very neat indeed...

        PPS: Our dilemma is this: we have openbsd that filters bridged
packets but does not provide (AFAIK) sophisticated queuing policies,
and we have linux that does it (iproute2) but does not filter bridged
packets... :-\

-- 

*** Rodrigo Martins de Matos Ventura <yoda@isr.ist.utl.pt>
***  Web page: http://www.isr.ist.utl.pt/~yoda
***   Teaching Assistant and PhD Student at ISR:
***    Instituto de Sistemas e Robotica, Polo de Lisboa
***     Instituto Superior Tecnico, Lisboa, PORTUGAL
*** PGP fingerprint = 0119 AD13 9EEE 264A 3F10  31D3 89B3 C6C4 60C6 4585

             reply	other threads:[~2001-07-14 18:59 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-07-14 18:59 Rodrigo Ventura [this message]
2001-07-15 11:10 ` bridge and netfilter Patrick Cole

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=lx7kxbxror.fsf@pixie.isr.ist.utl.pt \
    --to=yoda@isr.ist.utl.pt \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox